DOCSLIB.ORG

May/June 2021

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
May/June 2021 May/June 2021 SECURITY Seven Ways to Increase Security in a New FreeBSD Installation The copyinout Framework Using TLS to Improve NFS Security Plus: Capsicum Case Study: Got Practical Ports ® J O U R N A L LETTER E d i t o r i a l B o a r d from the Foundation John Baldwin FreeBSD Developer and Chair of • FreeBSD Journal Editorial Board. Justin Gibbs Founder of the FreeBSD Foundation, • President of the FreeBSD Foundation, and a Software Engineer at Facebook. Security Daichi Goto Director at BSD Consulting Inc. • (Tokyo). Information Security has a concept of “Defence in Depth,” a strategy of applying multiple layers of Tom Jones FreeBSD Developer, Internet Engineer • and Researcher at the University of security measures which work in concert to limit the Aberdeen. impact of an attacker gaining unauthorized access to Dru Lavigne Author of BSD Hacks and a system, for example, by exploiting a vulnerability. • The Best of FreeBSD Basics. These layers include techniques applied to the Michael W Lucas Author of more than 40 books including • Absolute FreeBSD, the FreeBSD design of a system or program, those applied during Mastery series, and git commit murder. development, mitigations applied at run-time, and Ed Maste Senior Director of Technology, operational procedures and techniques. • FreeBSD Foundation and Member of the FreeBSD Core Team. The “Principle of Least Privilege” is a technique Kirk McKusick Treasurer of the FreeBSD Foundation that can apply during design and operation. The • Board, and lead author of The Design principle states that a process should operate with and Implementation book series. only those privileges that are required. Tools like static Hiroki Sato Director of the FreeBSD • Foundation Board, Chair of Asia analysis (automated source code analysis) are applied BSDCon, Member of the FreeBSD Core Team, and Assistant during development. Some tools operate on running Professor at Tokyo Institute of software as part of the development process, such as Technology. code-coverage-guided automated fuzzing. American Benedict Reuschling Vice President of the FreeBSD Foundation • Board and a FreeBSD Documentation Fuzzy Lop (AFL) and Syzkaller are two such examples Committer. which have been used to good effect in FreeBSD. Robert N. M. Watson Director of the FreeBSD Foundation Runtime mitigations apply when software is used in • Board, Founder of the TrustedBSD Project, and University Senior Lecturer production. Examples include address randomization at the University of Cambridge. and limitations on memory protection. Finally, Mariusz Zaborski FreeBSD Developer, Manager at operational procedures and techniques include those • Fudo Security. employed by the software author or provider, such as the FreeBSD security team’s process for issuing security advisories, and by the user or sysadmin, such as setting and documenting configuration options. SP O& BWO X 4 0P8 ,U BBE LLF AISTH, MINA I GN E L0 4L9 1C5 Welcome to this security-focused FreeBSD Journal Publisher Walter Andrzejewski issue. We’ll touch on a few different areas related to • [email protected] security, including ports, base system userland and Editor-at-Large James Maurer • [email protected] kernel topics, and system configuration. Design & Production • Reuter & Associates Advertising Sales Walter Andrzejewski • [email protected] Call 888/290-9469 On behalf of the FreeBSD Foundation, Ed Maste Senior Director of Technology FreeBSD Journal (ISBN: 978-0-615-88479-0) is published 6 times a year (January/February, March/April, May/June, July/August, September/October, November/December). Published by the FreeBSD Foundation, 3980 Broadway St. STE #103-107, Boulder, CO 80304 ph: 720/207-5142 • fax: 720/222-2350 email: [email protected] Copyright © 2021 by FreeBSD Foundation. All rights reserved. This magazine may not be reproduced in whole or in part without written permission from the publisher. FreeBSD Journal • May/June 2021 3 May/June 2021 8 Seven Ways to Increase Security in a New FreeBSD Installation By Mariusz Zaborski 14 The copyinout Framework By Konrad Witaszczyk 25 Using TLS to Improve NFS Security By Rick Macklem 33 Capsicum Case Study: Got By Yang Zhong 3 Foundation Letter By Ed Maste 5 We Get Letters Dear They’ll Blame Me for Ransomware by Michael W Lucas 39 Practical Ports Security Scanning a Jail By Benedict Reuschling 43 Events Calendar By Anne Dickison FreeBSD Journal • May/June 2021 4 1 of 3 by Michael W Lucas freebsdjournal.org Dear Letters Columnist, The boss says “everything must be secure.” I started making a list of things to check for security, and there’s no way I can do all this. What do I do? Thank you, — They’ll Blame Me for Ransomware Oh, TBMfR, my sweet summer child. You hit the “rant” button. Buckle in. I’ve previously written in this very column about how the word “firewall” means nothing. The term is void, without clarity or purpose. The F-word should be removed from your vocabulary immediately, by armed force if necessary, and replaced by a more specific term that means… something. Anything. “Security?” It’s like that, but even more appalling. I will readily concede that out in meatspace, these eight distasteful letters have a role. How would you know which people to avoid without the phrase security guard? Yes, yes, authori- tarian goon could serve in its place, but it doesn’t precisely roll off the tongue. Social Security? That’s a thing. But how do these relate to computing? As always in these cases, I reach for the Single Source of Linguistic Truth: my Oxford English Dictionary, from that delightful Edwardian era best known as World War Intermission. Comput- ers were people then and understood instructions like “lock up the cipher’s secret keys at the end of your shift.” We didn’t have to define locks, or secrets, or ciphers in sufficient detail that a machine designed to the highest standards of malicious obedience couldn’t misunderstand them. Security meant “do it right or the authoritarian goons will smack you until you do.” So, let’s go to the official definition of this word. Wait. The official definition fills most of page 370 and spills over onto 371. There’s no way I’ll quote all that. I’ll skim and cherry-pick some definitions that conveniently support my argument. 1. “The condition of being secure.” Defining a word with its own root? That’s nearly as helpful as the documentation helpdesk staff give users. Moving on. 2. “The condition of being protected from or not exposed to danger; safety.” Here’s my question: does the boss want the staff computers protected from danger, or the staff protected from the dangers of computers? Don’t you dare try to tell me that computers don’t threaten people; I’ve seen YouTube, and don’t get me started on Myspace or Facestagram or whatever they call it these days. FreeBSD Journal • May/June 2021 5 2 of 3 3. “Freedom from doubt; confidence, assurance. Now chiefly, well-founded confi- dence, certainty.” Computers are not only doubt incarnate, they are unapologetic doubt factories, spewing dig- ital uncertainty every millisecond they’re running. We call ourselves engineers, but civil engineers get really upset when a suspension bridge unexpectedly dumps core. It’s the sort of thing that makes the news and gets unpopular employees exiled to Farawayistan to maintain that oh-so- vital sham of accountability. In computing, when a server crashes, we check the logs and see there’s nothing, so we wait to see if it happens again, all the while desperately hoping it doesn’t. Maybe we turn on extra monitoring if we have it. This isn’t a matter of laziness. The tools to identify many problems do not exist, and the ones that do exist are beyond the comprehension of the average sysadmin. You can learn the tools, yes, but when you master them, you have to figure out how to fix them and then it’s too late, you’ve become a developer and your life is essentially concluded. Civil engineers at least have the benefit of being able to go look at their bridges and say helpful things like “This critical bolt is starting to bend, maybe we should stop sending trains full of lead across it while I check it out.” They’ll be told no, of course, but the en- gineers know to save the memos so that when the bridge dumps core the blame flows uphill. If you don’t want doubt, get a different job. Try something with feral hamsters. They’re more rational than computers. 4. “Freedom from care, anxiety, or apprehension; a feeling of safety or freedom from or absence of danger.” Oh heck, I know—I KNOW—that you did not just try to apply “freedom from care” to any- thing in systems administration. Anxiety and apprehension are the soul of technology manage- ment. Confidence is for the organization’s Chief Scapegoat Officer, someone so far removed from the day-to-day operation that they have no idea what’s really going on down in the cubi- cle sewer. People who do the real work understand that computers are untrustworthy. Your test environment is exactly like your production environment, except that the database server has a slightly older CPU lacking two instructions present in production? Guess what’s going to bite you? Hint: it’s not that. You know about that. Rule 44 of systems administration clearly declares that “a perfect deployment means only that you haven’t yet noticed the catastrophe.” If you think this rule isn’t true, you haven’t been paying attention. Your job description should read “go surfing in a blender.” And that’s the real problem.
Load more

Recommended publications
  • Katalog Elektronskih Knjiga
    KATALOG ELEKTRONSKIH KNJIGA Br Autor Naziv Godina ISBN Str. Porijeklo izdavanja 1 Peter Kent Pay Per Click Search 2006 0-471-74594-3 130 Kupovina Engine Marketing for Dummies 2 Terry Large Access 1 2007 Internet Freeware 3 Kevin Smith Excel Lassons & Tutorials 2004 Internet Freeware 4 Terry Michael Photografy Tutorials 2006 Internet Freeware Janine Peterson Phil Pivnick 5 Jake Ludington Converting Vinyl LPs 2003 Internet Freeware to CD 6 Allen Wyatt Cleaning Windows XP 2004 0-7645-7311-X Poklon for Dummies 7 Peter Kent Sarch Engine Optimization 2006 0-4717-5441-2 Kupovina for Dummies 8 Terry Large Access 2 2007 Internet Freeware 9 Dirk Dupon How to write, create, 2005 Internet Freeware promote and sell E-books on the Internet 10 Chayden Bates eBook Marketing 2000 Internet Freeware Explained 11 Kevin Sinclair How To Choose A 1999 Internet Freeware Homebased Bussines 12 Bob McElwain 101 Newbie-Frendly Tips 2001 Internet Freeware 13 Windows Basics 2004 Poklon 14 Michael Abrash Zen of Graphic 2005 Poklon Programming, 2. izdanje 15 13 Hot Internet 2000 Internet Freeware Moneymaking Methods 16 K. Williams The Complete HTML 1998 Poklon Teacher 17 C. Darwin On the Origin of Species Internet Freeware 2/175 Br Autor Naziv Godina ISBN Str. Porijeklo izdavanja 18 C. Darwin The Variation of Animals Internet Freeware 19 Bruce Eckel Thinking in C++, Vol 1 2000 Internet Freeware 20 Bruce Eckel Thinking in C++, Vol 2 2000 Internet Freeware 21 James Parton Captains of Industry 1890 399 Internet Freeware 22 Bruno R. Preiss Data Structures and 1998 Internet
    [Show full text]
  • Advanced Integration
    ZFS: Advanced Integration Allan Jude -- [email protected] @allanjude Introduction: Allan Jude • 16 Years as FreeBSD Server Admin • FreeBSD src/doc committer (ZFS, installer, boot loader, GELI, bhyve, libucl, libxo) • FreeBSD Core Team (July 2016 - 2018) • Co-Author of “FreeBSD Mastery: ZFS” and “FreeBSD Mastery: Advanced ZFS” with Michael W. Lucas • Architect of the ScaleEngine CDN (HTTP and Video) • Host of weekly BSDNow.tv Podcast • Personally Responsible for 1000 TB of ZFS Storage ZFS: What Is It? • ZFS is a filesystem with a built in volume manager (combine multiple disks into a pool) • Space from the pool is thin-provisioned to multiple filesystems or block volumes (zvols) • All data and metadata is checksummed • Optional transparent compression • Copy-on-Write with snapshots and clones • Each filesystem is tunable with properties Snapshots and Clones • Copy-on-Write means snapshots are instant • Blocks referenced by a snapshot kept when they are removed from the live filesystem • Snapshots allows you to access the file- system as it was when snapshot was taken • No performance impact on reads/writes • Take no additional space until blocks change • Clones allow you to “fork” a filesystem Boot Environments • If the root filesystem is on ZFS, you can snapshot before an upgrade, then clone it • You now have 2 filesystems, one before the upgrade, and one after. Only takes the space of blocks that changed • FreeBSD boot loader allows you to select which one to use from a menu • Upgrade without fear, can always rollback Boot Environment Tooling • Existing tool: sysadmin/beadm • GSoC 2017: be(8) and libbe(3) • New tool supports better management of filesystem properties for boot integration • New tool will support “deep” boot environments.
    [Show full text]
  • The Release Engineering of Freebsd 4.4
    The Release Engineering of FreeBSD 4.4 Murray Stokely [email protected] Wind River Systems Abstract different pace, and with the general assumption that they This paper describes the approach used by the FreeBSD re- have first gone into FreeBSD-CURRENT and have been lease engineering team to make production-quality releases thoroughly tested by our user community. of the FreeBSD operating system. It details the methodol- In the interim period between releases, nightly snap- ogy used for the release of FreeBSD 4.4 and describes the shots are built automatically by the FreeBSD Project build tools available for those interested in producing customized machines and made available for download from ftp: FreeBSD releases for corporate rollouts or commercial pro- //stable.FreeBSD.org. The widespread availabil- ductization. ity of binary release snapshots, and the tendency of our user community to keep up with -STABLE development with CVSup and “make world”[8] helps to keep FreeBSD- 1 Introduction STABLE in a very reliable condition even before the qual- ity assurance activities ramp up pending a major release. The development of FreeBSD is a very open process. Bug reports and feature requests are continuously sub- FreeBSD is comprised of contributions from thousands of mitted by users throughout the release cycle. Problem people around the world. The FreeBSD Project provides reports are entered into our GNATS[9] database through anonymous CVS[1] access to the general public so that email, the send-pr(1) application, or via a web-based form. others can have access to log messages, diffs between de- In addition to the multitude of different technical mailing velopment branches, and other productivity enhancements lists about FreeBSD, the FreeBSD quality-assurance mail- that formal source code management provides.
    [Show full text]
  • Freebsd Handbook
    FreeBSD Handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/han... FreeBSD Handbook The FreeBSD Documentation Project Copyright © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 The FreeBSD Documentation Project Welcome to FreeBSD! This handbook covers the installation and day to day use of FreeBSD 8.3-RELEASE and FreeBSD 9.1-RELEASE. This manual is a work in progress and is the work of many individuals. As such, some sections may become dated and require updating. If you are interested in helping out with this project, send email to the FreeBSD documentation project mailing list. The latest version of this document is always available from the FreeBSD web site (previous versions of this handbook can be obtained from http://docs.FreeBSD.org/doc/). It may also be downloaded in a variety of formats and compression options from the FreeBSD FTP server or one of the numerous mirror sites. If you would prefer to have a hard copy of the handbook, you can purchase one at the FreeBSD Mall. You may also want to search the handbook. REDISTRIBUTION AND USE IN SOURCE (XML DOCBOOK) AND 'COMPILED' FORMS (XML, HTML, PDF, POSTSCRIPT, RTF AND SO FORTH) WITH OR WITHOUT MODIFICATION, ARE PERMITTED PROVIDED THAT THE FOLLOWING CONDITIONS ARE MET: 1. REDISTRIBUTIONS OF SOURCE CODE (XML DOCBOOK) MUST RETAIN THE ABOVE COPYRIGHT NOTICE, THIS LIST OF CONDITIONS AND THE FOLLOWING DISCLAIMER AS THE FIRST LINES OF THIS FILE UNMODIFIED. 2. REDISTRIBUTIONS IN COMPILED FORM (TRANSFORMED TO OTHER DTDS, CONVERTED TO PDF, POSTSCRIPT, RTF AND OTHER FORMATS) MUST REPRODUCE THE ABOVE COPYRIGHT NOTICE, THIS LIST OF CONDITIONS AND THE FOLLOWING DISCLAIMER IN THE DOCUMENTATION AND/OR OTHER MATERIALS PROVIDED WITH THE DISTRIBUTION.
    [Show full text]
  • Full Disk Encryption
    Full Disk Encryption David Klaftenegger Department of Information Technology Uppsala University, Sweden 22. March 2019 Caveat Auditor Background Software LUKS this talk contains opinions Questions my opinions not the university’s nor do I claim to be an expert ... so expect some imprecision and errors 22 Mar 2019 Full Disk Encryption - Cryptoparty - 2 - David K My choices loss / theft broken device selling device singular access by evil maid important to you (that I can’t see it) protect in case of • device loss? • theft? • police? • nation state attackers? What’s the problem? Why encrypt data? Background Software LUKS Questions 22 Mar 2019 Full Disk Encryption - Cryptoparty - 3 - David K My choices loss / theft broken device selling device singular access by evil maid (that I can’t see it) protect in case of • device loss? • theft? • police? • nation state attackers? What’s the problem? Why encrypt data? Background important to you Software LUKS Questions 22 Mar 2019 Full Disk Encryption - Cryptoparty - 3 - David K My choices loss / theft broken device selling device singular access by evil maid protect in case of • device loss? • theft? • police? • nation state attackers? What’s the problem? Why encrypt data? Background important to you (that I can’t see it) Software LUKS Questions 22 Mar 2019 Full Disk Encryption - Cryptoparty - 3 - David K My choices loss / theft broken device selling device singular access by evil maid What’s the problem? Why encrypt data? Background important to you (that I can’t see it) Software protect in case
    [Show full text]
  • DN Print Magazine BSD News BSD Mall BSD Support Source Wars Join Us
    Mirrors Primary (US) Issues August 2001 August 2001 Get BSD Contact Us Search BSD FAQ New to BSD? DN Print Magazine BSD News BSD Mall BSD Support Source Wars Join Us T H I S M O N T H ' S F E A T U R E S From the Editor The Effects of Tuning a FreeBSD Box for High Open Packages Reaches Performance Milestone 2 by Gilbert Gong by Chris Coleman Each BSD project has its A stock FreeBSD installation delivers a system which is own 3rd party software designed to meet the needs of most users, and strives to packaging system. They are provide the best balance of safety, reliablity, and all based on the same code, performance in a multi-user environment. It is therefore not yet, each of them have optimized for use as a high performance dedicated network features that make one server. This article investigates the effect of tuning a better than the other. Open FreeBSD for use as a dedicated network server. Read More Packages is a volunteer project to unify that code base and incorporate the best features of each. The NetBSD rc.d system by Will Andrews Get BSD Stuff There's been a lot of hubbub the last few months about NetBSD's new rc.d system being the successor of 4.4BSD's. At the USENIX Annual Technical Conference 2001 in Boston, MA, I had the pleasure of sitting down to listen to Luke Mewburn of Wasabi Systems discuss the new rc system NetBSD introduced in their operating system in the 1.5 release earlier this year.
    [Show full text]
  • Bsdcan 2004 by Bill Moran Bsdcan Conference Roundup This Is a Description of My Trip to Bsdcan 2004 in Ottawa, by Chris Coleman Canada
    Daemon News: May 2004 http://ezine.daemonnews.org/200405/ Mirrors Issues April 2004 May 2004 Get BSD Contact Us Search BSD FAQ New to BSD? DN Print Magazine BSD News BSD Mall BSD Support Join Us 1 of 4 26.05.2004 08:14 Daemon News: May 2004 http://ezine.daemonnews.org/200405/ T H I S M O N T H ' S F E A T U R E S From the Editor BSDCan 2004 by Bill Moran BSDCan Conference Roundup This is a description of my trip to BSDCan 2004 in Ottawa, by Chris Coleman Canada. If you're interested in BSD or computers in general and Didn't make it to BSDCan? did not go to BSDCan, then you made a huge mistake. The Here are all the things you conference was tremendiously educational, and the trip was a missed so you can start great opportunity to meet a number of great people, and visit a feeling guilty. beatiful city. The conference was also very affordable, and there were more than a few who attended on a shoestring budget (I tried to do this, but ended up drinking far too much beer). A Get BSD Stuff number of people also visited from tremendious distances ... attendees arrived from all over the world, so anyone who didn't make it really has no excuse. Read More Bosko's Adventures at BSDCan 2004 by Bosko Milekic It's Sunday, May 16, 2004. 5:30PM. BSDCan has come to a formal close late last night at around 2:00AM, when George, other NYCBUGers, myself, and a friend decided to finally give the poor waitresses tending on us a break, and leave the pub once and for all.
    [Show full text]
  • A Bibliography of O'reilly & Associates and O
    A Bibliography of O'Reilly & Associates and O'Reilly Media. Inc. Publishers Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 08 February 2021 Version 3.67 Title word cross-reference #70 [1263, 1264]. #70-059 [1263]. #70-068 [1264]. 2 [949]. 2 + 2 = 5986 [1456]. 3 [1149, 1570]. *# [1221]. .Mac [1940]. .NET [1860, 22, 186, 342, 441, 503, 591, 714, 716, 721, 730, 753, 786, 998, 1034, 1037, 1038, 1043, 1049, 1089, 1090, 1091, 1119, 1256, 1468, 1858, 1859, 1863, 1899, 1900, 1901, 1917, 1997, 2029]. '05 [461, 1532]. 08 [1541]. 1 [1414]. 1.0 [1009]. 1.1 [59]. 1.2 [1582]. 1000 [1511]. 1000D [1073]. 10g [711, 710]. 10th [2109]. 11 [1385]. 1 2 2 [53, 209, 269, 581, 2134, 919, 940, 1515, 1521, 1530, 2023, 2045]. 2.0 [2, 55, 203, 394, 666, 941, 1000, 1044, 1239, 1276, 1504, 1744, 1801, 2073]. 2.1 [501]. 2.2 [201]. 2000 [38, 202, 604, 610, 669, 927, 986, 1087, 1266, 1358, 1359, 1656, 1751, 1781, 1874, 1959, 2069]. 2001 [96]. 2003 [70, 71, 72, 73, 74, 279, 353, 364, 365, 789, 790, 856, 987, 1146, 1960, 2026]. 2003-2013 [1746]. 2004 [1195]. 2005 [84, 151, 755, 756, 1001, 1041, 1042, 1119, 1122, 1467, 2120, 2018, 2056]. 2006 [152, 153]. 2007 [618, 726, 727, 728, 1123, 1125, 1126, 1127, 2122, 1973, 1974, 2030].
    [Show full text]
  • Freebsd Release Engineering
    FreeBSD Release Engineering Murray Stokely <[email protected]> FreeBSD is a registered trademark of the FreeBSD Foundation. Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trade- marks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol. 2018-06-12 18:54:46 +0000 by Benedict Reuschling. Abstract Note This document is outdated and does not accurately describe the current release procedures of the FreeBSD Release Engineering team. It is re- tained for historical purposes. The current procedures used by the Free- BSD Release Engineering team are available in the FreeBSD Release Engi- neering article. This paper describes the approach used by the FreeBSD release engineering team to make pro- duction quality releases of the FreeBSD Operating System. It details the methodology used for the official FreeBSD releases and describes the tools available for those interested in produc- ing customized FreeBSD releases for corporate rollouts or commercial productization. Table of Contents 1. Introduction ........................................................................................................................... 1 2. Release Process ......................................................................................................................
    [Show full text]
  • Freebsd VS. Linux: ZFS by ALLAN JUDE
    SEE TEXT ONLY FreeBSD VS. Linux: ZFS BY ALLAN JUDE Why Use ZFS? It is not that other filesystems are bad; they just make the mistake of trusting your storage hardware to return your data when you ask for it. As it turns out, hard drives are pretty good at that, but pretty good is often not good enough. ZFS is the only open-source, OpenZFS is available on many plat- production-quality filesystem that can not only forms, including FreeBSD and Solaris detect but correct the errors when a disk derivatives like IllumOS, as well as Mac returns incorrect data. By combining the roles of filesystem and volume manager, ZFS is also OS X and Linux. However, not all of the able to ensure your data is safe, even in the functionality is available on the latter absence of one or more disks, depending on platforms. The FreeBSD Project has fully your configuration. ZFS doesn’t trust your adopted ZFS, putting significant effort hardware; it verifies that the correct data was into integrating it with the system and returned from each read from the disk. The primary design consideration for ZFS is management tools to make ZFS a seam- the safety of the data. Every block that is writ- less part of the OS, rather than a bolt- ten to the filesystem is accompanied by a ed-on extra. OpenZFS is better inte- checksum of the data, stored with the other grated, instrumented, and documented metadata. That metadata block also has a on FreeBSD than on any of the various checksum, as does its parent, all the way up to the top-level block, called the uber block.
    [Show full text]
  • Freebsd Enterprise Storage Polish BSD User Group Welcome 2020/02/11 Freebsd Enterprise Storage
    FreeBSD Enterprise Storage Polish BSD User Group Welcome 2020/02/11 FreeBSD Enterprise Storage Sławomir Wojciech Wojtczak [email protected] vermaden.wordpress.com twitter.com/vermaden bsd.network/@vermaden https://is.gd/bsdstg FreeBSD Enterprise Storage Polish BSD User Group What is !nterprise" 2020/02/11 What is Enterprise Storage? The wikipedia.org/wiki/enterprise_storage page tells nothing about enterprise. Actually just redirects to wikipedia.org/wiki/data_storage page. The other wikipedia.org/wiki/computer_data_storage page also does the same. The wikipedia.org/wiki/enterprise is just meta page with lin s. FreeBSD Enterprise Storage Polish BSD User Group What is !nterprise" 2020/02/11 Common Charasteristics o Enterprise Storage ● Category that includes ser$ices/products designed &or !arge organizations. ● Can handle !arge "o!umes o data and !arge num%ers o sim#!tano#s users. ● 'n$olves centra!ized storage repositories such as SA( or NAS de$ices. ● )equires more time and experience%expertise to set up and operate. ● Generally costs more than consumer or small business storage de$ices. ● Generally o&&ers higher re!ia%i!it'%a"aila%i!it'%sca!a%i!it'. FreeBSD Enterprise Storage Polish BSD User Group What is !nterprise" 2020/02/11 EnterpriCe or EnterpriSe? DuckDuckGo does not pro$ide search results count +, Goog!e search &or enterprice word gi$es ~ 1 )00 000 results. Goog!e search &or enterprise word gi$es ~ 1 000 000 000 results ,1000 times more). ● /ost dictionaries &or enterprice word sends you to enterprise term. ● Given the *+,CE o& many enterprise solutions it could be enterPRICE 0 ● 0 or enterpri$e as well +.
    [Show full text]
  • Comparison of Disk Encryption Software 1 Comparison of Disk Encryption Software
    Comparison of disk encryption software 1 Comparison of disk encryption software This is a technical feature comparison of different disk encryption software. Background information Name Developer First released Licensing Maintained? ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes [1] BestCrypt Jetico 1993 Proprietary Yes BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes BitLocker Drive Encryption Microsoft 2006 Proprietary Yes Bloombase Keyparc Bloombase 2007 Proprietary Yes [2] CGD Roland C. Dowdeswell 2002-10-04 BSD Yes CenterTools DriveLock CenterTools 2008 Proprietary Yes [3][4][5] Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999 Proprietary Yes [6] CrossCrypt Steven Scherrer 2004-02-10 GPL No Cryptainer Cypherix (Secure-Soft India) ? Proprietary Yes CryptArchiver WinEncrypt ? Proprietary Yes [7] cryptoloop ? 2003-07-02 GPL No cryptoMill SEAhawk Proprietary Yes Discryptor Cosect Ltd. 2008 Proprietary Yes DiskCryptor ntldr 2007 GPL Yes DISK Protect Becrypt Ltd 2001 Proprietary Yes [8] cryptsetup/dmsetup Christophe Saout 2004-03-11 GPL Yes [9] dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05 GPL Yes DriveCrypt SecurStar GmbH 2001 Proprietary Yes DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary Yes [10] E4M Paul Le Roux 1998-12-18 Open source No e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes Dustin Kirkland, Tyler Hicks, (formerly [11] eCryptfs 2005 GPL Yes Mike Halcrow) FileVault Apple Inc. 2003-10-24 Proprietary Yes FileVault 2 Apple Inc. 2011-7-20 Proprietary
    [Show full text]